RE: Network "Change Management"

From: Marty Armstrong (MartyA_at_patchlink.com)
Date: 09/20/04

    Date: Mon, 20 Sep 2004 12:34:32 -0700
    To: <focus-linux@securityfocus.com>
    
    


    Yes, try http://www.netreg.org/ (NetReg: Automated DHCP Registration System). It is used by the education sector. It's open source and Linux OS based.

    -Marty Armstrong
    PatchLink Corporation
    -----Original Message-----


            From: "Zow" Terry Brugger [mailto:zow@llnl.gov]
            Sent: Thu 9/16/2004 12:24 PM
            To: Dave Torre
            Cc: focus-linux@securityfocus.com
            Subject: Re: Network "Change Management"
            
            

            Dave,

    > Does anyone know of a Linux utility that can watch the MAC address
    > tables in Cisco switches and alert admins as to when a new device has
    > been plugged in?

            I don't work with Cisco switches too much, however you may be able to
            configure it to send an snmp alert to your Linux box when a new device is
            plugged in. You'd then use snmp-util (or whatever it's called these days) to
            handle the message on the Linux side.

            Alternatively you can set up arpwatch on your Linux box and periodically ping
            your whole range of IPs. Arpwatch will alert you when it sees new or changed
            MAC addresses for those IPs.

    > Basically, we have your standard client network with DHCP. Internet
    > access is restricted to authenticated users, and so are the file shares.
    > However, we've had a few instances where people just plug in their
    > personal laptops which makes me very worried...

            Okay, then a couple other things you might want to consider:
            1. If it is a managed switch, you should be able to configure it to only
            allow MACs on a given list, hence preventing new boxes from even getting a
            layer 2 connection.
            2. Set up the dhcp server to only allocate IPs to certain MAC addresses.
            3. You should be able to get dhcpd to report to you when it allocates to a
            previously unseen MAC address (probably by throwing together some scripts to
            parse the log messages and comparing the MACs in them to a list).

            Of course, all of the above are assuming that someone isn't spoofing their
            MAC address to one that you allow on your network. Typically someone has to
            be deliberately malicious to do that though, so the above strategies
            (especially blocking based on MAC) are good for stopping people from
            connecting up their personal laptop and infecting the network with the worm
            du jour. The best prevention against MAC spoofing is to trust your users.

            Hope this helps,
            Terry
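
One way to do the log parsing suggested in point 3 above, as an added example that is not part of the original messages. It assumes ISC dhcpd's syslog line form ("DHCPACK on IP to MAC (host) via IFACE") and a hypothetical inventory list with one MAC per line; all names and sample data are constructed.

```python
import re

# Assumed ISC dhcpd syslog form: "DHCPACK on <ip> to <mac> (<host>) via <iface>"
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

def normalize_mac(text):
    """Lowercase colon form; accepts aa:bb.., aa-bb.. and Cisco aabb.ccdd.eeff."""
    digits = re.sub(r"[.:\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_known(lines):
    """Inventory list: one MAC per line, '#' starts a comment."""
    macs = (normalize_mac(l.split("#", 1)[0]) for l in lines)
    return {m for m in macs if m}

def unseen_leases(log_lines, known):
    """Yield one record per leased MAC missing from `known` (first ACK only)."""
    reported = set()
    for line in log_lines:
        m = ACK_RE.search(line)
        mac = normalize_mac(m.group("mac")) if m else None
        if mac is None or mac in known or mac in reported:
            continue
        reported.add(mac)
        yield {"mac": mac, "ip": m.group("ip"),
               "host": m.group("host") or "", "iface": m.group("iface")}

# Constructed sample data (documentation MAC/IP ranges), not from the thread.
KNOWN = load_known(["00:00:5E:00:53:01  # front desk",
                    "0000.5e00.5302", "# spare line"])
LOG = [
    "Sep 16 12:24:01 gw dhcpd: DHCPDISCOVER from 00:00:5e:00:53:01 via eth1",
    "Sep 16 12:24:02 gw dhcpd: DHCPACK on 192.0.2.21 to 00:00:5e:00:53:01 (desk1) via eth1",
    "Sep 16 12:30:10 gw dhcpd: DHCPACK on 192.0.2.57 to 00:00:5e:00:53:99 (laptop) via eth1",
    "Sep 16 12:31:00 gw dhcpd: DHCPACK on 192.0.2.22 to 00:00:5e:00:53:02 via eth1",
    "Sep 16 13:30:10 gw dhcpd: DHCPACK on 192.0.2.57 to 00:00:5e:00:53:99 (laptop) via eth1",
]

if __name__ == "__main__":
    for a in unseen_leases(LOG, KNOWN):
        print("new MAC %(mac)s leased %(ip)s host=%(host)s via %(iface)s" % a)
```

The inventory is normalized on load so that MACs copied from a Cisco switch table (dotted form) compare equal to the colon form dhcpd logs.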


